| Message ID | 20190127045755.GH2217@ZenIV.linux.org.uk (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | btrfs: oops in device_list_add() | expand |
On 27.01.19 г. 6:58 ч., Al Viro wrote: > alloc_fs_devices() can return ERR_PTR(-ENOMEM), so > dereferencing its result before the check for IS_ERR() is > a bad idea... > > Fixes: d1a63002829a4 > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Thought this was already fixed, doh... Reviewed-by: Nikolay Borisov <nborisov@suse.com> > --- > diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c > index 85149f27644d..72adc5643bde 100644 > --- a/fs/btrfs/volumes.c > +++ b/fs/btrfs/volumes.c > @@ -955,11 +955,11 @@ static noinline struct btrfs_device *device_list_add(const char *path, > else > fs_devices = alloc_fs_devices(disk_super->fsid, NULL); > > - fs_devices->fsid_change = fsid_change_in_progress; > - > if (IS_ERR(fs_devices)) > return ERR_CAST(fs_devices); > > + fs_devices->fsid_change = fsid_change_in_progress; > + > mutex_lock(&fs_devices->device_list_mutex); > list_add(&fs_devices->fs_list, &fs_uuids); > >
On 1/27/19 12:58 PM, Al Viro wrote: > alloc_fs_devices() can return ERR_PTR(-ENOMEM), so > dereferencing its result before the check for IS_ERR() is > a bad idea... > > Fixes: d1a63002829a4 > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> nice catch. Reviewed-by: Anand Jain <anand.jain@oracle.com> > --- > diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c > index 85149f27644d..72adc5643bde 100644 > --- a/fs/btrfs/volumes.c > +++ b/fs/btrfs/volumes.c > @@ -955,11 +955,11 @@ static noinline struct btrfs_device *device_list_add(const char *path, > else > fs_devices = alloc_fs_devices(disk_super->fsid, NULL); > > - fs_devices->fsid_change = fsid_change_in_progress; > - > if (IS_ERR(fs_devices)) > return ERR_CAST(fs_devices); > > + fs_devices->fsid_change = fsid_change_in_progress; > + > mutex_lock(&fs_devices->device_list_mutex); > list_add(&fs_devices->fs_list, &fs_uuids); > >
On Sun, Jan 27, 2019 at 04:58:00AM +0000, Al Viro wrote: > alloc_fs_devices() can return ERR_PTR(-ENOMEM), so > dereferencing its result before the check for IS_ERR() is > a bad idea... > > Fixes: d1a63002829a4 > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Thanks, added to 5.0-rc queue.
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 85149f27644d..72adc5643bde 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -955,11 +955,11 @@ static noinline struct btrfs_device *device_list_add(const char *path, else fs_devices = alloc_fs_devices(disk_super->fsid, NULL); - fs_devices->fsid_change = fsid_change_in_progress; - if (IS_ERR(fs_devices)) return ERR_CAST(fs_devices); + fs_devices->fsid_change = fsid_change_in_progress; + mutex_lock(&fs_devices->device_list_mutex); list_add(&fs_devices->fs_list, &fs_uuids);
alloc_fs_devices() can return ERR_PTR(-ENOMEM), so dereferencing its result before the check for IS_ERR() is a bad idea... Fixes: d1a63002829a4 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> ---